Manualshelf

HP-UX Host Intrusion Detection System Version 4.7 Administrator Guide HP-UX 11i v3 (766144-001, March 2014)

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software
131132133134135136137138139140
Table 28 World-Writable File Created Alert Properties (continued)
DescriptionAlert Value/FormatAlert Field TypeAlert FieldResponse
Program
Argument
<performed action on> is set to
one of the following:
created the world-writable file
created the world-writable
directory
created the world-writable
character special file
created the world-writable
block special file
created the world-writable
pipe (fifo) file
renamed the world-writable
file
changed the owner of the
world-writable file
enabled the world-writable
permission on file
performed system call
<number> on the file
The event that triggered the
alert.
Following are the possible values:StringEventargv[9]
File created
Directory created
Special file created
File renamed
File ownership modified
File permission modified
Miscellaneous event
NOTE: See Table 41 (page 150) in Appendix B for the definition additional arguments that can
be used to access specific alert information (for example, pid and ppid) without parsing the string
alert fields.
Limitations
The World-Writable template has the following limitations:
The template cannot always distinguish whether a world-writable file is created, or whether
an existing world-writable file is opened with the create flag set. The template can generate
an alert that a world-writable file is created even though the file already exists, and is opened
with the create flag set.
The template cannot always distinguish whether a world-writable file is created, or whether
an existing world-writable file is truncated. The template can generate an alert that a file is
created, instead of generating an alert that a world-writable file is truncated.
Modification of Another User’s File Template
The vulnerability addressed by this template
In many environments, users are expected to work with their own files. An attacker attempting to
compromise the security of a system can cause a system program to modify various files owned
Modification of Another User’s File Template 133